Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques 
Indicators of Compromise

SHA1									Detection				Description
c150e4ab20d59affc62b916c2c90686f43040a9f				Ransom.Linux.AGENDA.SMYXDKTT		linux_x86-64 (Agenda Ransomware)
		
SHA256									Detection				Description
c0f7c2bb04aa09dae62f0e5feeb7c9c867685abc788ae6b0e6928ad7979dbcaf	Trojan.Win32.KILLAV.THIAFBE		C:\Users\<REDACTED>\Downloads\Or2.exe
e46bde83b8a3a7492fc79c22b337950fc49843a42020c41c615b24579c0c3251	Trojan.Win32.KILLAV.THIAFBE		C:\Users\<REDACTED>\Desktop\cg6.exe   
f488861f8d3d013c3eef88983de8f5f37bb014ae13dc13007b26ebbd559e356e	Trojan.Win32.KILLAV.THIAFBE		C:\Users\<REDACTED>\Desktop\44a.exe   
3dba9ba8e265faefce024960b69c1f472ab7a898e7c224145740f1886d97119f	Trojan.Win32.KILLAV.THIAFBE		C:\Users\<REDACTED>\Desktop\aa.exe    
15e5bf0082fbb1036d39fc279293f0799f2ab5b2b0af47d9f3c3fdc4aa93de67	Trojan.Win32.KILLAV.THIAHBE		C:\Users\<REDACTED>\Downloads\2stX\2stX.exe
331d136101b286c2f7198fd41e5018fcadef720ca0e74b282c1a44310a792e7f	Backdoor.Win32.SSHPUTT.THIAFBE		C:\Users\<REDACTED>\Desktop\1.exe     
549a1ae688edfcb2e7a254ac3aded866b378b2e829f1bb8af42276b902f475e6	Backdoor.Win32.SSHPUTT.THIAFBE		C:\Users\<REDACTED>\Desktop\2.exe    
454e398869e189874c796133f68a837c9b7f2190b949a8222453884f84cf4a1b	Backdoor.Win32.SSHPUTT.THIAFBE		C:\Users\<REDACTED>\Desktop\3.exe    
e38d4140fce467bfd145a8f6299fc76b8851a62555b5c0f825b9a2200f85017c	Backdoor.Win32.SSHPUTT.THIAFBE		C:\Users\<REDACTED>\Downloads\test.exe
5f0253f959d65c45a11b7436301ee5a851266614f811c753231d684eb5083782	Backdoor.Win64.COROXY.THIAGBE		C:\ProgramData\Veeam\socks64.dll
e14ba0fb92e16bb7db3b1efac4b13aee178542c6994543e7535d8efaa589870c						C:\Users\<REDACTED>\Desktop\netscan.exe
16f83f056177c4ec24c7e99d01ca9d9d6713bd0497eeedb777a3ffefa99c97f0						C:\Users\<REDACTED>\AppData\Local\Temp\ThrottleStop.sys
5fff877789223fa9810a365dfdeafe982c92f346ecd20e003319c3067becd8ba						C:\Users\<REDACTED>\Downloads\2stX\eskle.sys

URL 														Findings
hxxp://185[.]141[.]216[.]127/tr.e 										Disease Vector
hxxps://pub-2149a070e76f4ccabd67228f754768dc[.]r2[.]dev/I-Google-Captcha-Continue-Latest-27-L-1[.]html 		Fake CAPTCHA 
hxxps://pub-959ff112c2eb41ce8f7b24e38c9b4f94[.]r2[.]dev/Google-Captcha-Continue-Latest-J-KL-3[.]html 		Fake CAPTCHA 
hxxps://chatgptitalia[.]net/ 											Phishing Site 
45[.]221[.]64[.]245/mot/ 											Malware Accomplice (from Fake CAPTCHA) 
104[.]164[.]55[.]7/231/means.d 											Malware Accomplice (from Fake CAPTCHA)